US20230029772A1 - Secret maximum value calculation apparatus, method and program - Google Patents
Secret maximum value calculation apparatus, method and program Download PDFInfo
- Publication number
- US20230029772A1 US20230029772A1 US17/791,557 US202017791557A US2023029772A1 US 20230029772 A1 US20230029772 A1 US 20230029772A1 US 202017791557 A US202017791557 A US 202017791557A US 2023029772 A1 US2023029772 A1 US 2023029772A1
- Authority
- US
- United States
- Prior art keywords
- pairs
- value
- maximum value
- holds
- secret
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims description 21
- 238000012545 processing Methods 0.000 claims abstract description 33
- 238000010586 diagram Methods 0.000 description 3
- NRNCYVBFPDDJNE-UHFFFAOYSA-N pemoline Chemical compound O1C(N)=NC(=O)C1C1=CC=CC=C1 NRNCYVBFPDDJNE-UHFFFAOYSA-N 0.000 description 3
- 239000012634 fragment Substances 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
Definitions
- the present disclosure relates to an encryption applied technique, and particularly to a method of computing a maximum value and a flag of a maximum value without revealing input or output.
- NPL 1 There is a method called secure computation as a method of obtaining a specific operation result without restoring encrypted numerical values (see, for example, NPL 1).
- NPL 1 an encryption in which fragments of numerical values are distributed among three secure computation apparatuses is performed and a coordinate computation is performed by the three secure computation apparatuses, and thus, without restoring the numerical value, it is possible to retain a state where results of addition/subtraction, constant addition, multiplication, constant multiplication, logical operations (negation, logical product, logical sum, exclusive logical sum), and data format conversion (integer, binary) are distributed among three secure computation apparatuses, i.e., an encrypted state.
- the number of comparison stages is as large as ⁇ (n) while the total number of comparisons for computing the maximum value is as large as ⁇ (n).
- An object of the present disclosure is to provide a secure maximum value computation apparatus, a method, and a program whose processing time is reduced.
- the processing time can be reduced.
- FIG. 1 is a diagram illustrating an example of a functional configuration of a secure maximum value computation apparatus.
- FIG. 2 is a diagram illustrating an example of a processing procedure of a secure maximum value computation method.
- FIG. 3 is a diagram illustrating an example of a functional configuration of a computer.
- a value of a certain value a hid by encryption, secret sharing and the like is referred to as a secret value of a and represented as [[a]].
- a secret value of a A value of a certain value a hid by encryption, secret sharing and the like is referred to as a secret value of a and represented as [[a]].
- the hiding is performed by secret sharing
- a set of fragments of the secret sharing held by each secure computation apparatus according to the [[a]] is referenced.
- secret values [[c 9 1 ]], [[c 2 ]]and [[c 3 ]] of computation results c 1 , c 2 and c 3 of a+b, a ⁇ b and ab, respectively, are computed with secret values [[a]] and [[b]] of two values a and b as inputs. Executions of these operations are described as follows.
- the Boolean value is 1 when true and 0 when false. Executions of these operations are described as follows.
- a secure maximum value computation apparatus includes an initialization unit 1 , a pair creation unit 2 , a determination unit 3 , a set updating unit 4 , a control unit 5 and a flag determination unit 6 , for example.
- the secure maximum value computation method is achieved when the components of the secure maximum value computation apparatus perform the processing operations of steps S 1 to S 6 described below and illustrated in FIG. 2 , for example.
- the n is a predetermined positive integer of 2 or greater. For example, n ⁇ 4 holds.
- the initialized X′ is output to the pair creation unit 2 .
- the X′ initialized by the initialization unit 1 is input to the pair creation unit 2 . Note that in the second and subsequent processing operations of the pair creation unit 2 , the X′ updated by the set updating unit 4 is input.
- the pair creation unit 2 creates one or more pairs such that no element in the X′ is included in two or more pairs from among the input X′ (step S 2 ).
- the created one or more pairs are output to the determination unit 3 .
- the secret value that is not included in the one or more pairs in the X′ is output to the set updating unit 4 .
- the pair creation unit 2 creates two or more pairs at least once. In the case where n ⁇ 4 holds, comparison can be performed through computation of n ⁇ 2 stages or less.
- the one or more pairs created by the pair creation unit 2 are input to the determination unit 3 .
- the determination unit 3 determines, through secure computation, a secret value of a larger value among the [[x i ]] and the [[x j ]] included in each of the one or more pairs, with respect to an order R (step S 3 ).
- the determined secret value of the larger value is output to the set updating unit 4 .
- the secret value of the larger value determined by the determination unit 3 is input to the set updating unit 4 .
- the secret value that is not included in the one or more pairs in the X′ is input to the set updating unit 4 .
- the set updating unit 4 sets, as a new X′, a set including the secret value that is not included in one or more pairs in the X′ and the secret value determined by the determination unit 3 (step S 4 ).
- the flag determination unit 6 determines the flag [[z(x i )]] by performing the following processing operations (a) and (b), on [x i ] that is included in the X′ even once.
- the computation of the flag [[z(x i )]] is performed in the reverse order of the computations of the pair creation unit 2 , the determination unit 3 , the set updating unit 4 and the control unit 5 .
- the maximum value is sequentially updated from a set of secret values while maintaining the maximum value, and as such the number of comparison stages is ⁇ (n).
- a small number of comparison stages can be achieved by recursively calculating the maximum value while exponentially reducing the problem as in the above embodiment.
- the number of comparison stages is ⁇ (n) in the known method.
- the number of comparison stages can be reduced while maintaining the total number of comparisons at ⁇ (n) by appropriately selecting the comparison order.
- (2-b), (2-c), (3-b) and (3-c) correspond to the processing of the determination unit 3 .
- (3-f), (3-g) and (3-h) correspond to the processing of the flag determination unit 6 .
- the exchange of data between the components of the secure maximum value computation apparatus may be performed directly or via a storage unit not illustrated.
- processing details of the functions that each of the devices should have are described by a program.
- the program is executed by the computer, the various processing functions of each device described above are implemented on the computer. For example, a variety of processing described above can be performed by causing a recording unit 2020 of the computer illustrated in FIG. 3 to read a program to be executed and causing a control unit 2010 , an input unit 2030 , an output unit 2040 , and the like to execute the program.
- the program in which the processing details are described can be recorded on a computer-readable recording medium.
- the computer-readable recording medium may be any type of medium such as a magnetic recording device, an optical disc, a magneto-optical recording medium, or a semiconductor memory.
- the program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or a CD-ROM with the program recorded on it.
- the program may be stored in a storage device of a server computer and transmitted from the server computer to another computer via a network, so that the program is distributed.
- a computer executing the program first temporarily stores the program recorded on the portable recording medium or the program transmitted from the server computer in its own storage device.
- the computer reads the program stored in its own storage device and executes the processing in accordance with the read program.
- the computer may directly read the program from the portable recording medium and execute processing in accordance with the program, or, further, may sequentially execute the processing in accordance with the received program each time the program is transferred from the server computer to the computer.
- it can also be configured to execute the processing described above through a so-called application service provider (ASP) type service in which processing functions are implemented just by issuing an instruction to execute the program and obtaining results without transmitting the program from the server computer to the computer.
- ASP application service provider
- the program in this form is assumed to include information which is provided for processing of a computer and is equivalent to a program (data or the like that has characteristics of defining the processing of the computer rather than being a direct instruction to the computer).
- the device is configured by executing a predetermined program on a computer in this form, at least a part of the processing details may be implemented by hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Complex Calculations (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
A secure maximum value computation apparatus includes an initialization unit 1 that sets X′=X, a pair creation unit 2 that creates, from among the X′, one or more pairs such that no element is included in two or more pairs, a determination unit 3 that determines, through secure computation, a secret value that is a larger value among [[xi]]and [[xi]] included in each of the one or more pairs for each of the one or more pairs that are created, a set updating unit 4 that sets, as a new X′, when there is a secret value that is not included in the one or more pairs in the X′, a set including the secret value that is not included in the one or more pairs in the X′ and the secret value determined by the determination unit, a control unit 5 that performs a control to repeat the above-described processing operations until |X′|=1 holds, and a flag determination unit 6 that determines a flag [[z(xi)]] (i=1, . . . n) such that [[z(xg)]]=[[1]] holds when [[xg]] (g∈[1, n]) is a maximum value and [[z(xi)]]=[[0]] holds when i≠g holds.
Description
- The present disclosure relates to an encryption applied technique, and particularly to a method of computing a maximum value and a flag of a maximum value without revealing input or output.
- There is a method called secure computation as a method of obtaining a specific operation result without restoring encrypted numerical values (see, for example, NPL 1). In the method disclosed in
NPL 1, an encryption in which fragments of numerical values are distributed among three secure computation apparatuses is performed and a coordinate computation is performed by the three secure computation apparatuses, and thus, without restoring the numerical value, it is possible to retain a state where results of addition/subtraction, constant addition, multiplication, constant multiplication, logical operations (negation, logical product, logical sum, exclusive logical sum), and data format conversion (integer, binary) are distributed among three secure computation apparatuses, i.e., an encrypted state. For computation of the maximum value of n values encrypted by the secure computation and the flag of the maximum value, there is a method in which the current maximum value and the number of the element of the maximum value are held as a cipher text, sequential comparison with n cipher texts is performed, the maximum value and the number of the element of the maximum value are updated, and finally the flag is computed from the number (for example see NPL 2). -
NPL 1 CHIDA KOJI, HAMADA KOKI, IKARASHI DAI, TAKAHASHI KATSUMI, A Three-Party Secure Function Evaluation with Lightweight Verifiability Revisited, In CSS, 2010. NPL 2 Sameer Wagh, Divya Gupta, and Nishanth Chandran. Securenn: 3-party secure computation for neural network training. Proceedings on Privacy Enhancing Technologies, Vol. 1, p. 24, 2019. - In the known method; however, the number of comparison stages is as large as Θ(n) while the total number of comparisons for computing the maximum value is as large as Θ(n).
- An object of the present disclosure is to provide a secure maximum value computation apparatus, a method, and a program whose processing time is reduced.
- A secure maximum value computation apparatus according to an aspect of the present disclosure includes an initialization unit that sets X′=X, assuming X={[[x1]], [[x2]], . . . , [[xn]]}, a pair creation unit that creates, from among the X′, one or more pairs such that no element in the X′ is included in two or more pairs, a determination unit that determines, through secure computation, a secret value that is a larger value among [[xi]] and [[xj]] included in each of the one or more pairs, with respect to an order R for each of the one or more pairs that are created, a set updating unit that sets, as a new X′, when there is a secret value that is not included in the one or more pairs in the X′, a set including the secret value that is not included in the one or more pairs in the X′ and the secret value determined by the determination unit, a control unit that performs a control to repeat, with the new X′ as the X′, processing operations of the pair creation unit, the determination unit, and the set updating unit until |X′|=1 holds, and a flag determination unit that determines, with a secret value that is an only element of the X′ that meets |X′|=1 as a maximum value, a flag [[z(xi)]] (i=1, . . . n) such that [[z(xg)]]=[[1]] holds when [[xg]] (g∈[1, n]) is a maximum value and [[z(xi)]]=[[0]] holds when i≠g holds.
- The processing time can be reduced.
-
FIG. 1 is a diagram illustrating an example of a functional configuration of a secure maximum value computation apparatus. -
FIG. 2 is a diagram illustrating an example of a processing procedure of a secure maximum value computation method. -
FIG. 3 is a diagram illustrating an example of a functional configuration of a computer. - An embodiment of the present disclosure is elaborated below. Note that in the drawings, the components with the same function are denoted with the same reference numeral, and overlapping description thereof is omitted.
- Notation
- A value of a certain value a hid by encryption, secret sharing and the like is referred to as a secret value of a and represented as [[a]]. In the case where the hiding is performed by secret sharing, a set of fragments of the secret sharing held by each secure computation apparatus according to the [[a]] is referenced.
- Decryption
- Processing of computing a value c that meets c=a with an input of a secret value [[a]] of a is described as follows.
- c←Open([[a]])
- Arithmetic Operation
- In operations of addition, subtraction, and multiplication, secret values [[c9 1]], [[c2]]and [[c3]] of computation results c1, c2 and c3 of a+b, a−b and ab, respectively, are computed with secret values [[a]] and [[b]] of two values a and b as inputs. Executions of these operations are described as follows.
- [[c1]]←Add([[a]], [[b]])
- [[c2]]←Sub([[a]], [[b]])
- [[c3]]←Mul([[a]], [[b]])
- In the case where there is no possibility of misunderstanding, Add([[a]], [[b]]), Sub([[a]], [[b]]) and Mul([[a]], [[b]]) are abbreviated as [[a]]+[[b]], [[a]]−[[b]] and [[a]]×[[b]], respectively.
- Comparison
- In comparison operation, the secret values [[c1]], [[c2]] and [[c3]] of Boolean values c∈{0, 1} of a=b, a≤b, a<b, respectively, are computed with the secret values [[a]] and [[b]] of the two values a and b as inputs. The Boolean value is 1 when true and 0 when false. Executions of these operations are described as follows.
- [[c0]]←EQ([[a]], [[b]])
- [[c1]]←LE([[a]], [[b]])
- [[c2]]←LT([[a]], [[b]])
- Selection
- In selection operation, with a secret value [[c]] of a Boolean value c∈{0, 1} and the secret values [[a]] and [[b]] of two values a and b as inputs, and
-
- a secret value [[d]] that meets
Math 1 is computed. Execution of the above operation is described as follows. - [[d]]←IfElse([[c]], [[a]], [[b]]) The above operation can be achieved by the following.
- [[d]]←[[c]]×([[a]]−[[b]])+[[b]]
- Secure Maximum Value Computation Apparatus and Method
- As illustrated in
FIG. 1 , a secure maximum value computation apparatus includes aninitialization unit 1, apair creation unit 2, adetermination unit 3, aset updating unit 4, acontrol unit 5 and aflag determination unit 6, for example. - The secure maximum value computation method is achieved when the components of the secure maximum value computation apparatus perform the processing operations of steps S1 to S6 described below and illustrated in
FIG. 2 , for example. - Each component of the secure maximum value computation apparatus is described below.
-
Initialization Unit 1 - X={[[x1]], [[x2]], . . . , [[xn]]} is input to the
initialization unit 1. The n is a predetermined positive integer of 2 or greater. For example, n≥4 holds. - The
initialization unit 1 initializes a set X′ by setting X′=X (step S1). - The initialized X′ is output to the
pair creation unit 2. - Pair Creation
Unit 2 - The X′ initialized by the
initialization unit 1 is input to thepair creation unit 2. Note that in the second and subsequent processing operations of thepair creation unit 2, the X′ updated by theset updating unit 4 is input. - The
pair creation unit 2 creates one or more pairs such that no element in the X′ is included in two or more pairs from among the input X′ (step S2). - The created one or more pairs are output to the
determination unit 3. In addition, when there is a secret value that is not included in the one or more pairs in the X′, the secret value that is not included in the one or more pairs in the X′ is output to theset updating unit 4. - For example, the
pair creation unit 2 creates two or more pairs at least once. In the case where n≥4 holds, comparison can be performed through computation of n−2 stages or less. -
Determination Unit 3 - The one or more pairs created by the
pair creation unit 2 are input to thedetermination unit 3. - For each of the one or more created pairs, the
determination unit 3 determines, through secure computation, a secret value of a larger value among the [[xi]] and the [[xj]] included in each of the one or more pairs, with respect to an order R (step S3). - The determined secret value of the larger value is output to the
set updating unit 4. - Set Updating
Unit 4 - The secret value of the larger value determined by the
determination unit 3 is input to theset updating unit 4. In addition, when there is a secret value that is not included in the one or more pairs in the X′, the secret value that is not included in the one or more pairs in the X′ is input to theset updating unit 4. - When there is a secret value that is not included in the one or more pairs in the X′, the
set updating unit 4 sets, as a new X′, a set including the secret value that is not included in one or more pairs in the X′ and the secret value determined by the determination unit 3 (step S4). -
Control Unit 5 0 - The
control unit 5 performs a control to repeat, with the new X′ generated by theset updating unit 4 as X′, the processing operations of thepair creation unit 2, thedetermination unit 3 and theset updating unit 4 until=1 holds (step S5). - Here, |X′| is the number of elements included in the set X′.
- The X′ that meets |X′|=1 is output to the
flag determination unit 6. -
Flag Determination Unit 6 - The X′ that meets |X′|=1 is input to the
flag determination unit 6. - With a secret value that is an only element of the X′ that meets |X′|=1 as a maximum value, the
flag determination unit 6 determines a flag [[z(xi)]] (i=1, . . . , n) such that [[z(xg)]]=[[1]] holds when [[xg]] (g∈[1, n]) is a maximum value and [[z(xi)]]=[[0]] holds when i≠g holds (step S6). - For example, the
flag determination unit 6 determines the flag [[z(xi)]] by performing the following processing operations (a) and (b), on [xi] that is included in the X′ even once. The computation of the flag [[z(xi)]] is performed in the reverse order of the computations of thepair creation unit 2, thedetermination unit 3, theset updating unit 4 and thecontrol unit 5. - (a) The
flag determination unit 6 sets [[z(xg)]]=[[1]] when [[xi]] is [[xg]]. - (b) When the [[xk]] is computed by the comparison between the [[xi]] and the [[xi]] and the [[z(xk)]] has already been computed, the
flag determination unit 6 uses the comparison result of the [[xi]] and the [[xj]], and the [[z(xk)]] to perform computation such that [[z(x+)]]=[[xk]] holds for [[x+]], which is the larger one of the [[xi]] and the [[xj]], and that [[z(x−)]]=[[0]] holds for [[x−]], which is not the larger one of the [[xi]] and the [[xj]]. - In a known method, the maximum value is sequentially updated from a set of secret values while maintaining the maximum value, and as such the number of comparison stages is Θ(n). On the other hand, a small number of comparison stages can be achieved by recursively calculating the maximum value while exponentially reducing the problem as in the above embodiment.
- To be more specific, in the case where a secret value of a maximum value and a secret value of a flag indicating whether it is the maximum value are computed from a set of secret values with a size n, the number of comparison stages is Θ(n) in the known method. Conversely, in the secure maximum value computation apparatus and method according to the present disclosure, the number of comparison stages can be reduced while maintaining the total number of comparisons at Θ(n) by appropriately selecting the comparison order.
- An example of an algorithm achieved by the above-mentioned secure maximum value computation apparatus and method is described below. In this algorithm, in creation of pairs, └|X′|/2┘ pairs are created. Note that └X′|/2┘ is a maximum integer of |X′|/2 or smaller. With this algorithm, the number of comparison stages can be asymptotically set to O(log n) for n.
- Input: X={[[x1]], . . . , [[xn]]}
- Output: [[y]], [[z(x1)]], . . . , [[z(xn)]]
- Notation: [[y]], [[z(x1)]], . . . , [[z(xn)]]←f([[x1]], . . . , [[xn]])
- (1) If n=1 holds, return [[y]]=[[x1]] and [[z(x1)]]=[[z(x1]]=[[1]], and terminate.
- (2) When n is a multiple of 2, execute the following (2-a) to (2-f).
- (2-a) h←n/2
- (2-b) [[fi]]←LE([[xi]], [[xi+h]]) (i∈[1, h])
- (2-c) [[mi]]←IfElse([[fi]], [[xi+h]], [[xi]]) (i∈[1, h])
- (2-d) [[y]], [[z(m1)]], . . . , [[z(mh)]]←f([[m1]], . . . , [[mh]])
- (2-e) [[z(xi)]]←[[z(mi)]]×(1−[[fi]]) (i∈[1, h])
- (2-f) [[z(xi+h)]]←[[z(mi)]]×(i∈[1, h])
- (3) When n is not a multiple of 2, execute the following.
- (3-a) h←(n−1)/2
- (3-b) [[fi]]←LE([[xi]], [[xi+h]]) (i∈[1, h])
- (3-c) [[mi]]←IfElse([[fi]], [[xi+h]], [[xi]]) (i∈[1, h])
- (3-d) [[mh+1]]←[[xn]]
- (3-e) [[y]], [[z(m1)]], . . . , [[z(mh)]], [[z(mh+1]]←f([[m1]], . . . , [[mh+1]])
- (3-f) [[z(xi)]]←[[z(mi)]]×(1−[[fi]]) (i∈[1, h])
- (3-g) [[z(xi+h)]]←[[z(mi)]]×[[fi]] (i∈[1, h])
- (3-h) [[z(xn)]]←[[z(mh+1)]]
- In (2-b), (2-c), (3-b) and (3-c), a pair of [[xi]] and [[xi+h]] is used. Although not explicitly stated in the above-mentioned algorithm, this creation of the pair corresponds to the process of the
pair creation unit 2. - (2-b), (2-c), (3-b) and (3-c) correspond to the processing of the
determination unit 3. - In (2-d), a recursive algorithm is performed on a new set [[m1]], . . . , [[mh]]. This new set [[m1]], . . . , [[mh]] corresponds to X′. The determination of this new set X′=[[m1]], [[mh]] corresponds to the processing of the
set updating unit 4. - Likewise, in (3-d) and (3-e), a recursive algorithm is performed on a new set [[m1]], [[mh+1]]. This new set [[m1]], . . . , [[mh+1]] corresponds to X′. The determination of this new set X′=[[m1]], . . . , [[mh+1]] corresponds to the process of the
set updating unit 4. - In addition, the part where the algorithm is recursively performed in (2-d) and (3-e) corresponds to the processing of the
control unit 5. - (3-f), (3-g) and (3-h) correspond to the processing of the
flag determination unit 6. - Although the embodiments of the present disclosure have been described above, a specific configuration is not limited to the embodiments, the present disclosure, of course, also includes configurations appropriately changed in design without departing from the gist of the present disclosure.
- The various kinds of processing described in the embodiments are not only implemented in the described order in a time-series manner but may also be implemented in parallel or separately as necessary or in accordance with a processing capability of the apparatus which performs the processing.
- For example, the exchange of data between the components of the secure maximum value computation apparatus may be performed directly or via a storage unit not illustrated.
- Program and Recording Medium
- When various processing functions in the devices described above are implemented by a computer, processing details of the functions that each of the devices should have are described by a program. In addition, when the program is executed by the computer, the various processing functions of each device described above are implemented on the computer. For example, a variety of processing described above can be performed by causing a
recording unit 2020 of the computer illustrated inFIG. 3 to read a program to be executed and causing acontrol unit 2010, aninput unit 2030, anoutput unit 2040, and the like to execute the program. - The program in which the processing details are described can be recorded on a computer-readable recording medium. The computer-readable recording medium, for example, may be any type of medium such as a magnetic recording device, an optical disc, a magneto-optical recording medium, or a semiconductor memory.
- In addition, the program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or a CD-ROM with the program recorded on it. Further, the program may be stored in a storage device of a server computer and transmitted from the server computer to another computer via a network, so that the program is distributed.
- For example, a computer executing the program first temporarily stores the program recorded on the portable recording medium or the program transmitted from the server computer in its own storage device. When executing the processing, the computer reads the program stored in its own storage device and executes the processing in accordance with the read program. Further, as another execution form of this program, the computer may directly read the program from the portable recording medium and execute processing in accordance with the program, or, further, may sequentially execute the processing in accordance with the received program each time the program is transferred from the server computer to the computer. In addition, it can also be configured to execute the processing described above through a so-called application service provider (ASP) type service in which processing functions are implemented just by issuing an instruction to execute the program and obtaining results without transmitting the program from the server computer to the computer. Further, the program in this form is assumed to include information which is provided for processing of a computer and is equivalent to a program (data or the like that has characteristics of defining the processing of the computer rather than being a direct instruction to the computer).
- In addition, although the device is configured by executing a predetermined program on a computer in this form, at least a part of the processing details may be implemented by hardware.
- 1 Initialization unit
- 2 Pair creation unit
- 3 Determination unit
- 4 Set updating unit
- 5 Control unit
- 6 Flag determination unit
Claims (4)
1.-3. (canceled)
4. A secure maximum value computation apparatus comprising:
initialization circuitry configured to set X′=X, assuming X={((x1)), ((x2)), . . . , ((xn))};
pair creation circuitry configured to create, from among the X′, one or more pairs in such a manner that no element in the X′ is included in two or more pairs;
determination circuitry configured to determine, through secure computation, a secret value that is a larger value among ((xi)) and ((xj)) included in each of the one or more pairs, with respect to an order R for each of the one or more pairs that are created;
set updating circuitry configured to set, as a new X′, when there is a secret value that is not included in the one or more pairs in the X′, a set including the secret value that is not included in the one or more pairs in the X′ and the secret value determined by the determination circuitry;
control circuitry configured to perform a control to repeat, with the new X′ as the X′, processing operations of the pair creation circuitry, the determination circuitry, and the set updating circuitry until |X′|=1 holds; and
flag determination circuitry configured to determine, with a secret value that is an only element of the X′ that meets X′=I as a maximum value, a flag ((z(xi))) (i=1, . . . , n) in such a manner that ((z(xg)))=((1)) holds when ((xg)) (g∈[1, n]) is a maximum value and ((z(xi)))=((0)) holds when i≠g holds.
5. A secure maximum value computation method comprising:
setting X′=X, assuming X={((x1)), ((x2)), . . . , ((xn))};
creating, from among the X′, one or more pairs in such a manner that no element in the X′ is included in two or more pairs;
determining, through secure computation, a secret value that is a larger value among ((xi)) and ((xj)) included in each of the one or more pairs, with respect to an order R for each of the one or more pairs that are created;
setting, as a new X′, when there is a secret value that is not included in the one or more pairs in the X′, a set including the secret value that is not included in the one or more pairs in the X′ and the secret value which has been determined;
performing a control to repeat with the new X′ as the X′, processing operations of the creating of the one or more pairs, the determining, and the setting as the new X′ until |X′|=1 holds; and
determining with a secret value that is an only element of the X′ that meets |X′|=1 as a maximum value, a flag ((z(xi)))(i=1, . . . , n) in such a manner that ((z(xg)))=((1)) holds when ((xg)) (g∈[1, n]) is a maximum value and ((z(xi)))=((0)) holds when i≠g holds.
6. A non-transitory computer readable medium that stores a program configured to cause a computer to perform as each step of the secure maximum value computation method according to claim 5 .
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2020/001546 WO2021144974A1 (en) | 2020-01-17 | 2020-01-17 | Secret maximum value calculation device, method, and program |
Publications (1)
Publication Number | Publication Date |
---|---|
US20230029772A1 true US20230029772A1 (en) | 2023-02-02 |
Family
ID=76864063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/791,557 Pending US20230029772A1 (en) | 2020-01-17 | 2020-01-17 | Secret maximum value calculation apparatus, method and program |
Country Status (6)
Country | Link |
---|---|
US (1) | US20230029772A1 (en) |
EP (1) | EP4092654A4 (en) |
JP (1) | JP7322976B2 (en) |
CN (1) | CN114930431A (en) |
AU (1) | AU2020422786B2 (en) |
WO (1) | WO2021144974A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140201126A1 (en) * | 2012-09-15 | 2014-07-17 | Lotfi A. Zadeh | Methods and Systems for Applications for Z-numbers |
US20190268149A1 (en) * | 2018-02-28 | 2019-08-29 | Vmware, Inc. | Methods and systems that efficiently and securely store encryption keys |
US20190372765A1 (en) * | 2018-06-01 | 2019-12-05 | Roland Tegeder | System and Method for Providing an Authorised Third Party with Overt Ledger Secured Key Escrow Access to a Secret |
US20200119932A1 (en) * | 2018-10-11 | 2020-04-16 | Arizona Board of Regents on Behalf of North Arizona University | Response-based cryptography using physical unclonable functions |
US20230039723A1 (en) * | 2020-01-16 | 2023-02-09 | Nippon Telegraph And Telephone Corporation | Secret hash table construction system, reference system, methods for the same |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0764766A (en) * | 1993-08-24 | 1995-03-10 | Fujitsu Ltd | Maximum and minimum value calculating method for parallel computer |
-
2020
- 2020-01-17 US US17/791,557 patent/US20230029772A1/en active Pending
- 2020-01-17 JP JP2021570612A patent/JP7322976B2/en active Active
- 2020-01-17 CN CN202080092455.4A patent/CN114930431A/en active Pending
- 2020-01-17 AU AU2020422786A patent/AU2020422786B2/en active Active
- 2020-01-17 EP EP20914522.6A patent/EP4092654A4/en active Pending
- 2020-01-17 WO PCT/JP2020/001546 patent/WO2021144974A1/en unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140201126A1 (en) * | 2012-09-15 | 2014-07-17 | Lotfi A. Zadeh | Methods and Systems for Applications for Z-numbers |
US20190268149A1 (en) * | 2018-02-28 | 2019-08-29 | Vmware, Inc. | Methods and systems that efficiently and securely store encryption keys |
US20190372765A1 (en) * | 2018-06-01 | 2019-12-05 | Roland Tegeder | System and Method for Providing an Authorised Third Party with Overt Ledger Secured Key Escrow Access to a Secret |
US20200119932A1 (en) * | 2018-10-11 | 2020-04-16 | Arizona Board of Regents on Behalf of North Arizona University | Response-based cryptography using physical unclonable functions |
US20230039723A1 (en) * | 2020-01-16 | 2023-02-09 | Nippon Telegraph And Telephone Corporation | Secret hash table construction system, reference system, methods for the same |
Also Published As
Publication number | Publication date |
---|---|
AU2020422786A1 (en) | 2022-07-14 |
AU2020422786B2 (en) | 2023-04-27 |
WO2021144974A1 (en) | 2021-07-22 |
JP7322976B2 (en) | 2023-08-08 |
CN114930431A (en) | 2022-08-19 |
EP4092654A1 (en) | 2022-11-23 |
EP4092654A4 (en) | 2023-10-11 |
JPWO2021144974A1 (en) | 2021-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110457912B (en) | Data processing method and device and electronic equipment | |
KR20200044103A (en) | High-precision privacy protection real-time function evaluation | |
CN111125727B (en) | Confusion circuit generation method, prediction result determination method, device and electronic equipment | |
Schneider | Engineering secure two-party computation protocols: design, optimization, and applications of efficient secure function evaluation | |
CN112805769B (en) | Secret S-type function calculation system, secret S-type function calculation device, secret S-type function calculation method, and recording medium | |
US20220197994A1 (en) | Neural network confidentiality | |
WO2018008545A1 (en) | Secure computation system, secure computation device, secure computation method, and program | |
EP4016506B1 (en) | Softmax function secret calculation system, softmax function secret calculation device, softmax function secret calculation method, neural network secret calculation system, neural network secret learning system, and program | |
Stoian et al. | Deep neural networks for encrypted inference with tfhe | |
Wang | When quantum computation meets data science: Making data science quantum | |
Jang et al. | Parallel quantum addition for Korean block ciphers | |
US20230029772A1 (en) | Secret maximum value calculation apparatus, method and program | |
CN116094686B (en) | Homomorphic encryption method, homomorphic encryption system, homomorphic encryption equipment and homomorphic encryption terminal for quantum convolution calculation | |
CN106796764B (en) | Partial character string position detection device, method and recording medium | |
Semenov et al. | Finding effective SAT Partitionings via black-box optimization | |
KR20220097330A (en) | System, apparatus and method for privacy preserving machine learning process | |
KR20230087377A (en) | Computing apparatus and method for integrating different homomorphic operations in homomorphic encryption | |
KR102491902B1 (en) | Device and method for operation of encrypted data using fully homomorphic encryption | |
US20230033922A1 (en) | Secret maximum value calculation apparatus, method and program | |
Wang et al. | PristiQ: A Co-Design Framework for Preserving Data Security of Quantum Learning in the Cloud | |
CN116415271A (en) | Data processing method and computing platform | |
CN113849837A (en) | Training method, device and equipment of security model and data processing method | |
US20220318338A1 (en) | Secure conjugate gradient method computation system, secure computation apparatus, conjugate gradient method computation apparatus, secure conjugate gradient method computation method, conjugate gradient method computation method, and program | |
KR102491894B1 (en) | Device and method for logistic regression analysis operation of encrypted data using fully homomorphic encryption | |
Oh et al. | Efficient software implementation of homomorphic encryption for addition and multiplication operations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: NIPPON TELEGRAPH AND TELEPHONE CORPORATION, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HAMADA, KOKI;KIKUCHI, RYO;SIGNING DATES FROM 20210113 TO 20210114;REEL/FRAME:060458/0484 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |